4

I'm trying to sign some data using a PKCS#12 certificate; however, I have a problem obtaining the private key from the PKCS#12 (.p12) file.

    public byte[] sign(string text)
    {
        string password = "1111";
        X509Certificate2 cert = new X509Certificate2("c:\\certificate.p12",password);
        byte[] certData = cert.Export(X509ContentType.Pfx,password);

        X509Certificate2 newCert = new X509Certificate2(certData, password);
        RSACryptoServiceProvider crypt = (RSACryptoServiceProvider)newCert.PrivateKey;

        SHA1Managed sha1 = new SHA1Managed();
        UnicodeEncoding encoding = new UnicodeEncoding();
        byte[] data = encoding.GetBytes(text);
        byte[] hash = sha1.ComputeHash(data);
        return crypt.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
    }

The problem is that newCert.PrivateKey is null, but if I use a .pfx certificate in a similar way it works.

    public byte[] sign(string text)
    {
        string password = "1234";
        X509Certificate2 cert = new X509Certificate2("c:\\certificate.pfx", password);
        RSACryptoServiceProvider crypt = (RSACryptoServiceProvider)cert.PrivateKey;
        SHA1Managed sha1 = new SHA1Managed();
        UnicodeEncoding encoding = new UnicodeEncoding();
        byte[] data = encoding.GetBytes(text);
        byte[] hash = sha1.ComputeHash(data);
        return crypt.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
    }

So the question is how to get that private key from the .p12 file?

Kiquenet
Alan
  • Have you tried the same code for both the .PFX and the .P12? Depending on where you got your P12 from, it's supposed to be quite the same I believe. – Simon Mourier Sep 28 '11 at 08:09

4 Answers

3

I had a similar problem, which I posted here. Although it is not the same thing for you, the problem may also be permissions.
My suggestions are, first, you have to make sure (which I suppose you already did) that the private key is exportable and you have permissions to the file.
Next, try exporting the content type as X509ContentType.Pkcs12 instead of X509ContentType.Pfx.
Finally, if it is possible, why don't you try importing it to the certstore? I believe that's more secure. The steps are in the link above.

skw
  • Thanks for the answer. Permissions are not a problem, same with non exportable key. I tried changing type to `X509ContentType.Pkcs12` but with the same result. Although importing this to certstore could be a solution. – Alan Sep 28 '11 at 09:04
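
A self-contained way to check whether a loaded container actually carries a private key before signing with it, as an added example that is not part of the original thread or any poster's code. It builds a throwaway self-signed certificate in memory (constructed test data), exports it once as PKCS#12 and once as certificate-only, and signs with the first. It assumes .NET Framework 4.7.2+ or .NET Core 2.0+, uses `GetRSAPrivateKey()` instead of casting `PrivateKey`, and swaps the question's SHA-1 for SHA-256; `P12SigningDemo` and `Sign` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class P12SigningDemo // hypothetical name
{
    // Loads a PKCS#12 blob directly (no Export/re-import round trip) and signs the text.
    // Signing does not need the key to be exportable, so no Exportable flag is requested.
    static byte[] Sign(byte[] p12, string password, string text)
    {
        using (var cert = new X509Certificate2(p12, password))
        {
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("container holds no private key for " + cert.Subject);
            using (RSA rsa = cert.GetRSAPrivateKey())
            {
                if (rsa == null) throw new InvalidOperationException("private key is not RSA");
                byte[] data = new UnicodeEncoding().GetBytes(text); // same encoding as the question
                return rsa.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            }
        }
    }

    static void Main()
    {
        const string password = "1111"; // constructed sample password
        byte[] withKey, certOnly;
        // Constructed test material: a short-lived self-signed certificate.
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=p12-demo", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                withKey = cert.Export(X509ContentType.Pkcs12, password); // certificate plus private key
                certOnly = cert.Export(X509ContentType.Cert);            // certificate only, no key
            }
        }

        byte[] sig = Sign(withKey, password, "hello");
        using (var pub = new X509Certificate2(certOnly))
        using (RSA rsaPub = pub.GetRSAPublicKey())
        {
            bool ok = rsaPub.VerifyData(new UnicodeEncoding().GetBytes("hello"), sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("signature valid: " + ok);
            Console.WriteLine("cert-only HasPrivateKey: " + pub.HasPrivateKey);
        }
    }
}
```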
0

Have a look at this question. It looks very similar.

Community
Timores
  • Hi @Timores. Thanks for the link but solution from that question isn't working for me apparently. – Alan Mar 30 '11 at 11:12
0

In the docs, it says that .export() doesn't support the Pfx type, only Cert, SerializedCert, and Pkcs12.

Ivo
-1

This was done for use on Android, so the R.raw.key below was my file in the Android raw folder.

I opened key.p12 as an input stream, which I then converted to the private key using the libraries as seen in the example.

http://www.flexiprovider.de/examples/ExampleSMIMEsign.html

My code looks like this

    Security.addProvider(new de.flexiprovider.core.FlexiCoreProvider());
    // Next, we have to read the private PKCS #12 file, since the
    // private key used for signing is contained in this file:
    DERDecoder dec = new DERDecoder(getResources().openRawResource(
            R.raw.key));
    PFX pfx = new PFX();
    try {
        pfx.decode(dec);
        // The first bag of the first SafeContents is expected to hold the encrypted key.
        SafeBag safeBag = pfx.getAuthSafe().getSafeContents(0)
                .getSafeBag(0);
        PKCS8ShroudedKeyBag kBag = (PKCS8ShroudedKeyBag) safeBag
                .getBagValue();
        char[] password = "my password for the p12".toCharArray();
        privKey = kBag.getPrivateKey(password);
        new AsyncLoadStorage(this).execute();
    } catch (ASN1Exception e) {
        // Decoding the PKCS #12 structure failed; privKey was not set.
    }

Ryan Heitner
  • I believe it's in Java. When I wrote that program I needed to do this in C#, but thanks for sharing this. – Alan Sep 04 '12 at 12:00